2 matches found
CVE-2024-5765
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress WpStickyBar Plugin <= 2.1.0 is vulnerable to SQL Injection
Software WpStickyBar Type Plugin Vulnerable versions = 2.1.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5765 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 003d2dbb7aa7 Credits Project Black Required privilege Unauthenticated...